Battle.net Authenticator Changes

Community Manager

If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.

We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Battle.net Authenticator attached to your account, don’t wait until it’s too late - http://us.battle.net/en/security/checklist
90 Blood Elf Rogue
12870
Thank you so much! This is one of the best changes I have seen in a long time.
Edited by Holybell on 6/16/2011 2:27 PM PDT
85 Draenei Mage
12540
I don't like this
- Technical Support
90 Blood Elf Hunter
17510
I shall use the third post slot to my advantage!

First off, this will not negatively affect your account's security from outside sources.

http://twitter.com/#!/BlizzardCS/statuses/81485048242651136

Blizzard's security developers are far more intelligent than they're often given credit for. With dozens upon dozens of company databases compromised within the last few weeks, Blizzard's bound to be doing everything they can to ensure their system is locked down as tightly as possible. Now would be one of the absolute worst of times for Blizzard to even think about using laxer security methods.

http://twitter.com/#!/BlizzardCS/statuses/81493177147727872

You will not be able to be compromised through IP spoofing or the like. Such an elaborate system is going to be well-designed and use information beyond just location. While we won't know exactly what data is collected, it isn't data that would be easily duplicated (e.g. hardware IDs).

Additionally, please note that there was a so-called "man-in-the-middle" compromise that would snatch an authenticator code after it was entered and then crash WoW's executable, submitting the valid code to someone hoping to break into your account. While this method will still function, it will be defunct on systems that are already affected by this change. No authenticator code to enter means no authenticator code to steal.
________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech
Edited by Kodiack on 6/16/2011 4:13 PM PDT
85 Blood Elf Priest
3320
This is good. I pay a small fortune (in these parts) for a static IP, so it would be nice to not have to use the thing all the time.
91 Blood Elf Priest
13035
Just saw this on breaking news, thankfully it asked for my authenticator numbers when I logged on, I hope it always does, same location or not. The reason I bought the authenticator was an attempt to prevent my account from being hacked, now it's not going to ask for it? Why even have one if that is the case? I personally don't like this update and would prefer the intrusion, and having to input it everytime.

Out of curiosity, will it be possible to opt out of that? While I'm sure the developers will roll out software that is indeed quite "intelligent" and does the job well, I would like to have the option to always use my authenticator regardless of where I'm logging in from.


^^ This!
Edited by Vzory on 6/16/2011 2:33 PM PDT
90 Night Elf Druid
12225
06/16/2011 02:29 PMPosted by Kodiack
Out of curiosity, will it be possible to opt out of that? While I'm sure the developers will roll out software that is indeed quite "intelligent" and does the job well, I would like to have the option to always use my authenticator regardless of where I'm logging in from.


I agree with this. I'd like to have the option to always use my authenticator.
This is a catastrophically bad idea. If thieves have tricked someone into downloading a keylogger to get the login info, they can just as easily immediately fake a login to bnet2.0 from the victim's machine.

Edit -- I said they would use a keylogger to get the authcode, when obviously they don't need that any more, just the login. Also, /facepalm
Edited by Kinvann on 6/16/2011 2:38 PM PDT
85 Tauren Paladin
1770
06/16/2011 02:28 PMPosted by Dreadnb
I don't like this

06/16/2011 02:31 PMPosted by Sgtpain
could be my sister or my brother-in-law logging into my account. Then what?


Don't share your password and you should be fine.
Edited by Pozadin on 6/16/2011 2:33 PM PDT
85 Undead Warrior
8140
If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.

We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Battle.net Authenticator attached to your account, don’t wait until it’s too late - http://us.battle.net/en/security/checklist

Is there anyway to make it so that it will ask everytime?
90 Draenei Priest
12540
My concern is that the dial-up authenticator already does this... and is much less secure because of it.

I fail to see how someone that gets a program on my computer to keylog me can't also grab my IP and spoof it? Is there something I'm not getting here?
85 Undead Warlock
5635
If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.

We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Battle.net Authenticator attached to your account, don’t wait until it’s too late - http://us.battle.net/en/security/checklist


Please, no. I don't care if it "thinks" its me, could be my sister or my brother-in-law logging into my account. Then what?

Yea, I don't think so. Just because its the same location, won't necessarily mean its the same person if there are multiple people under one roof. I'd rather have it ask me every single time to log in the game.

Freaking lazy people
Someone needs a nap.
90 Human Paladin
SPR
8710
And if I have a child whom I share the account with, and use the authenticator to monitor their playtime?
85 Blood Elf Priest
3320
I'm sure you'll be able to opt out of it. Relax.
85 Tauren Paladin
1770
06/16/2011 02:34 PMPosted by Nale
And if I have a child whom I share the account with, and use the authenticator to monitor their playtime?


Parental Controls
Yay!
90 Blood Elf Rogue
12870
Wow didn't think it was that big of a deal, seemed like a quality of life improvement, specially for those that love to have internet issues... didn't know people would be against it.
90 Blood Elf Rogue
12870
06/16/2011 02:34 PMPosted by Nale
And if I have a child whom I share the account with, and use the authenticator to monitor their playtime?


Your really not supposed to be able to do that from what I hear, if they want to play they need their own account.
85 Night Elf Hunter
2360
I'm sorry but I don't like this. I feel more comfortable putting an extra 5 seconds in to type in some numbers rather than have someone get into my computer and log in.
This topic has reached its post limit. You may no longer post or reply to posts for this topic.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]